Closed Tommixe closed 5 months ago
Hi! Thank you for your kind words <3
Yeah Hydra is not super intuitive. You're ALMOST there, you just gotta specify the branch/ref, like so:
Hi! Thanks for the help. I found the problem. I'm using a private repo and I thought I was able to fully read it since a manually configured jobset was working. I then found out that the "Git checkout" plugin doesn't support reading from a private repo.
The way to make this work with a private repo is to create a new public repo with only the .hydra.json file. Hydra can read the file and then can access the flake URI defined in the JSON file, which is in the private repo.
Note: to make Hydra access a private repo you need to add a personal GitHub token to the nix.conf file of the machine running the Hydra server. I did this by creating the file "hosts/common/optional/gh-token.nix" with the following content and including it in the file "hosts/ws01/services/default.nix" that defines the service for my machine "ws01":
```nix
{config, ...}: {
  nix.extraOptions = ''
    !include ${config.sops.templates."nix-extra-config".path}
  '';
  nix.checkConfig = false;
  sops.templates."nix-extra-config" = {
    content = ''
      access-tokens = github.com=${config.sops.placeholder.github-token}
    '';
  };
  sops.secrets.github-token = {
    sopsFile = ../secrets.yaml;
  };
}
```
Hi @Tommixe thanks for this, but I am guessing this assumes your private repo is still on GitHub. Is that correct?
I am trying to use a private repo on gitea.
Hello, yes, the repo is on GitHub. Anyway, I'm still struggling with it. The jobset creation and first evaluation worked well, but any new commit (on both repos) doesn't trigger the evaluation. I haven't had time yet to figure out what the problem is.
I finally made it work. The GitHub token secret has to be readable by the hydra user, otherwise Hydra always evaluates the latest cached flake URL.
```nix
{config, ...}: {
  nix.extraOptions = ''
    !include ${config.sops.templates."nix-extra-config".path}
  '';
  nix.checkConfig = false;
  users.groups.nix-access-tokens = { };
  sops.templates."nix-extra-config" = {
    content = ''
      access-tokens = github.com=${config.sops.placeholder.github-token}
    '';
    group = config.users.groups.nix-access-tokens.name;
    mode = "0440";
  };
  #users.groups.nix-access-tokens.gid = config.ids.gids.nix-access-tokens;
  sops.secrets.github-token = {
    sopsFile = ../secrets.yaml;
    restartUnits = ["nix-daemon.service"];
  };
}
```
and in the Hydra default.nix:
```nix
{ pkgs, lib, config, outputs, inputs, ... }:
let
  hydraUser = config.users.users.hydra.name;
  hydraGroup = config.users.users.hydra.group;
  tokenGroup = config.users.groups.nix-access-tokens.name;
...
  users.users = {
    hydra.extraGroups = [ tokenGroup ] ;
    hydra-queue-runner.extraGroups = [ hydraGroup tokenGroup ];
    hydra-www.extraGroups = [ hydraGroup tokenGroup ];
  };
  systemd.services.hydra-evaluator.serviceConfig.SupplementaryGroups = [ tokenGroup ];
  systemd.services.hydra-queue-runner.serviceConfig.SupplementaryGroups = [ tokenGroup ];
...
```
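
A way to verify the permission setup from the comment above on the running host, as an added example that is not part of the original thread. The file path and group are passed as arguments (the path is whatever `config.sops.templates."nix-extra-config".path` evaluates to on your machine), the function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread.

# check_token_file FILE GROUP
# Succeeds only if FILE is a regular file owned by GROUP, readable by that
# group, closed to "other", and holds a github.com access-tokens line.
# The token value is never printed.
check_token_file() (
  file=$1; group=$2
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  mode=$(stat -c '%a' "$file")     # octal permissions, e.g. 440
  fgroup=$(stat -c '%G' "$file")   # owning group name
  perm=$((0$mode))                 # leading 0: parse the digits as octal
  if [ "$fgroup" != "$group" ]; then
    echo "group is '$fgroup', expected '$group'" >&2; return 1
  fi
  if [ $((perm & 040)) -eq 0 ]; then
    echo "mode $mode: group '$group' cannot read the file" >&2; return 1
  fi
  if [ $((perm & 007)) -ne 0 ]; then
    echo "mode $mode: file is accessible to all users" >&2; return 1
  fi
  if ! grep -Eq '^[[:space:]]*access-tokens[[:space:]]*=[[:space:]]*github\.com=.+' "$file"; then
    echo "no github.com access-tokens line found" >&2; return 1
  fi
  return 0
)

# user_in_group USER GROUP
# Succeeds if USER's group list (primary or supplementary) includes GROUP.
user_in_group() {
  id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# Example run on the host (path is a placeholder, substitute your own):
#   check_token_file /path/to/rendered/nix-extra-config nix-access-tokens
#   for u in hydra hydra-queue-runner hydra-www; do
#     user_in_group "$u" nix-access-tokens || echo "$u lacks the group"
#   done
```

`user_in_group` only reflects the user database; the `SupplementaryGroups` settings on the systemd units have to be checked on the units themselves.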
Hello, first of all thanks a lot for the great repo you have created. It's very inspiring. I'm trying to use Hydra to build my main branch, but I'm not able to create a working Hydra project in the Hydra webpage. Could you please share which are the correct values for the "Declarative spec file" (.hydra.json?), "Declarative input type" (Git checkout?) and "Declarative input value" fields on the new Hydra project form?
Thanks, Tommaso